Failover DNS when using external DNS server
-
Hello; I am wondering if following is possible.
I am running my DNS (NextDNS via Rasp Pi) and my DHCP clients have the IP address of the Rasp Pi. Would it be possible that if my Rasp Pi were to ever go down, then my clients go to 8.8.8.8 for DNS? If I put 8.8.8.8 as a 2nd IP for DNS then my clients will pick and choose which DNS server to go on, and I want them all to go past NextDNS first and only if that is not reachable then hit 8.8.8.8.
Thank you,
-
@iptvcld yeah, doesn't work that way on any DNS/OS that I am aware of. When you list more than 1, you can never be sure which one the client will pick to use.
But I always wonder why people are concerned with their pi going down. I have been running pihole on pi for years, never had any issues with it going down. And let's say it did, and you can't fix it for a bit - just then change your DHCP to hand out either 8.8.8.8 or the pfSense IP for DNS. A simple DNS renew or reboot of the device and you should be back up and running.
-
@johnpoz on the pi I have DNS and my UniFi controller (their own containers), and there have been times where I needed to reboot the pi and it would not come back until I pulled the power. So I was wondering if it was possible to have pfSense route DNS to 8.8.8.8 if my pi is down.
I know I can change it via logging in, but when I am not home for a week at a time and something happens to that pi, I want DNS to still route.
-
@iptvcld I have not looked if there is any way to do that via unbound. But the typical forwarder in pfSense, dnsmasq, has the option of sequential forwarding. So if you forward to, say, your pi, and it doesn't answer, it would just forward to the next guy on your list.
Haven't really played with dnsmasq since unbound was added to pfSense, so I don't recall if in the conf you can set the number of retries before it moves on, or set specific timeout numbers before it moves on to the 2nd one. I am pretty familiar with the unbound features and off the top there is not any obvious way to do it like dnsmasq and its sequential query option.
But something like that could solve your issue, but then again you might not know when dnsmasq is asking your pi or 8.8.8.8, other than, say, stuff isn't blocked or you start seeing ads, etc.
I have done rebuilds of my pi, changed the SD in it, etc. and had to reinstall, that sort of thing - when I am going to take it down for a bit, I just manually point what I will need for DNS to pfSense directly, and just let the rest of the network be without DNS until I get it fixed.
If you don't have a 2nd pi, you could just run one in docker or a VM all the time, and have your clients point to both of them - as long as they filter the same it doesn't really matter which one they ask. I know I have seen lots of people with that sort of setup. Not sure if you can set them up to share cache or not?
I personally wouldn't want anything that "could" switch over on its own to some other DNS where the answers would not be exactly the same, i.e. filtered or not filtered. If you're interested in redundancy on failure of 1 device/service, I would make sure your failover filters your DNS the exact same way as your primary.
My take on it: you have filtered DNS or you don't have DNS ;) Unless it's my choice and I do it on purpose for my device(s), etc. Wife, you're just down until I can bring up filtered DNS again ;) heheh
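For reference, here is what the sequential forwarding johnpoz describes looks like in a dnsmasq configuration. This is an added example and not something posted in this thread or shipped by pfSense; the Pi address 192.168.1.10 is a constructed placeholder. In the pfSense DNS Forwarder GUI the same behaviour is the "Query DNS servers sequentially" checkbox, which emits the `strict-order` directive.

```conf
# Added example, not from this thread: dnsmasq forwarding with strict ordering.
# Do not read upstream servers from /etc/resolv.conf; use only the server= lines below.
no-resolv

# Try upstream servers strictly in the order listed instead of favouring
# whichever one has recently answered fastest.
strict-order

# Primary: the filtering resolver on the Pi (192.168.1.10 is a constructed placeholder).
server=192.168.1.10

# Fallback: only consulted when the primary does not answer at all.
server=8.8.8.8
```

Two caveats worth keeping in mind. First, the fallback is only reached when the primary fails to respond; a blocked domain that the filtering resolver answers with 0.0.0.0 or NXDOMAIN is still an answer, so filtering is not silently bypassed for individual queries while the Pi is up. Second, as johnpoz points out, once the Pi is down every query is answered unfiltered by 8.8.8.8 with nothing in the client's behaviour to tell you so; a second filtering resolver as the fallback avoids that gap entirely.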
-
@johnpoz I appreciate your response. The sequential forwarder might be an option, but it seems like it follows the list under the General options and may not be able to use what I have under my DHCP DNS section.
Since we're on this topic, I am thinking to rework some of my devices. I am thinking to get a Lenovo Tiny and just run DNS and my UniFi controller on that Tiny (as a VM), and then also run a DNS server on one of my other servers that already has Proxmox, as a CT, and that way I have redundancy. I want to take the pi out as I have another project I want to rework that for.
Having DNS via VM, would it have any negative impact?
-
@iptvcld said in Failover DNS when using external DNS server:
Having DNS via VM, would it have any negative impact?
No, not really - it doesn't take much in resources to serve up 1000s and 1000s of queries, even per second.